Description
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
Product(s):
- Microsoft MDAC 1.5
- Microsoft MDAC 2.0
- Microsoft MDAC 2.1.1.3711.11_ga
- Microsoft MDAC 2.12.4202.3
- Microsoft MDAC 2.1
- Microsoft data_access_components 2.5
- Microsoft MDAC 2.5 rtm
- Microsoft MDAC 2.5 sp1
- Microsoft MDAC 2.5 sp2
- Microsoft data_access_components 2.5 sp3
- Microsoft data_access_components 2.6
- Microsoft MDAC 2.6 rtm
- Microsoft MDAC 2.6 sp1
- Microsoft MDAC 2.6 sp2
- Microsoft data_access_components 2.7
- Microsoft MDAC 2.7_rtm_refresh
- Microsoft data_access_components 2.7 sp1
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2003-0353, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2003-0353 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.